Question
Show your work to get credit. Multiple SQL injection vulnerabilities are discovered on a web application you manage. It will take 80 hours to fix all the vulnerabilities. The developer who can fix it charges $75/hr. If your system is compromised a single time because of the SQL injection vulnerabilities you estimate that you will lose $6,000. At what Annual Rate of Occurrence (ARO) would it be financially feasible to fix all the vulnerabilities given a three-year period (i.e. at what ARO would the cost to fix the vulnerabilities be equal to the ALE over a three-year period)?
Subject
Ecommerce Security
Explanation / Answer
Time taken to fix vulnerabilities = 80 hrs
Charge of fix = $75 * 80 = $6000
Loss due to single time compromise = $6000
You can use quantitative risk analysis to determine the spending for application security measures per year. Quantitative risks can be calculated by finding the Single Loss Expectancy (SLE), or probability of a loss as a result of a security incident, and the Annual Rate of Occurrence (ARO), or the annual frequency of the security incident.
The SLE is given by:
SLE = AV x EF
AV = Asset Value
EF = Exposure Factor
EF is the percentage of the loss when an incident occurs.
ALE = single loss expectancy (SLE) * annualized rate of occurrence (ARO)